JP6162831B2 - Packet communication system, SDN control device, packet communication method, and program - Google Patents

Description

  The present invention relates to a technique that enables dynamic connection setting and connection change between hosts.

  In a processing system having a Service Oriented Architecture (SOA) or Microservice Architecture (MSA) configuration, single-function applications are connected in a permutation on an IP network and the entire processing is executed.

  With the spread of virtualization services in recent years, single-function applications are executed on virtual machines (VMs), which are virtualized computer resources. In particular, when it is necessary to speed up the processing of a single function application that requires a lot of computing resources, multiple VMs are started up and load distribution is performed using a parallel pipeline.

  As conventional techniques related to the above technique, for example, there are techniques disclosed in Non-Patent Document 1 and Patent Document 1.

  The technology disclosed in Non-Patent Document 1 performs address translation (NAPT) based on the port number included in the header of the TCP / UDP layer via the GW for address translation (NAT) between the client and server This is a technology for connecting hosts belonging to networks with different address systems. However, the technique of Non-Patent Document 1 aims to realize communication in only one direction, and does not describe communication with bidirectionality. Therefore, it cannot be applied when bidirectional communication such as TCP is required. In addition, as a method of selecting a port number associated with a client and a server at the time of address conversion, a method of randomly assigning regardless of a related host network is adopted.

  The technique disclosed in Patent Document 1 is a technique for connecting different network bases by tunneling using a virtual network connection (VPN) GW. Only when connected networks use the same IP address space, a virtual IP address space is set and NATed to avoid the address collision problem.

Akihiko Kitamura, Hiroyuki Kimiyama, Tatsuya Fujii, Mitsuru Maruyama, "Proposal of Virtual Network Configuration Method Using Wide Area L2 / L3 Network", IEICE Technical Report, vol.114, no.477, pp.197-202 , 2015.

JP 2009-017429

  The following points can be cited as issues in realizing a processing system in which a plurality of applications (VMs) connected in the background art are connected.

  When a new application (VM) is added, the network configuration must be changed, so the application settings must be changed. However, the conventional application may not have an external setting change function. Even if there is such a function, it is often necessary to stop the function once when the setting is changed.

  Furthermore, because VMs on different cloud services are operated in their own IP space, NAT / VPN additional functions such as VXLAN are required on the network side for different VMs to communicate with each other. In addition, if there is a bias in the network resources (bandwidth used) on the way, it is necessary to change the path of the connection between VMs to another path.

  In the technology disclosed in Non-Patent Document 1, the port number that can be used between a set of network bases is limited to the number of port numbers that can be used in NAT GW. The number of possible connections is greatly limited. Furthermore, when the number of connected hosts increases, the time for searching for available port numbers increases, and the load of NAT management processing increases.

  Further, in the technique disclosed in Patent Document 1, when there are a plurality of network bases using the same address space and a connection is attempted from another network base, a plurality of network bases are applicable in specifying the connection destination address. Therefore, routing is impossible and there is a problem that the hosts cannot be connected.

  With reference to FIG. 1, problems in realizing a processing system in which a plurality of applications (VMs) are connected will be specifically described. FIG. 1 is an example of a video production workflow using an SOA system. Here, one process (color conversion, caption synthesis, video format conversion process, etc.) of video is executed by one application (VM), and the target process is realized by connecting them in a permutation. That is, as shown in FIG. 1, the video material transmitted from the video material distribution host 1 is color-converted by the color conversion application (VM) 2 and the caption synthesis is performed by the caption synthesis application (VM) 3. Video format conversion is performed by the format conversion application (VM) 4 and transmitted to the video storage host 5. FIG. 1 also shows a processing path in which video format conversion is not performed.

  In the processing system, one application operates as a “client host” when transmitting data, and operates as a “server host” when receiving data. Therefore, in FIG. “Host” is described, and “Server host” is described in the reception part.

  As shown in FIG. 1, video data is received for each application, processed, and transmitted to the next application. Since the video format conversion process takes a very long time in this process, first, three VMs are activated and the load is distributed by a parallel pipeline.

  Here, in order to increase the processing speed, consider a case where a new VM is added as shown in FIG. At this time, the subtitle composition application 3 detects the fact that a new video format conversion VM has been added, checks the IP address and standby port number of the added VM, and adds it to the destination VM list Change is required.

  Also, if the newly added VM is placed in a place where direct IP communication is not possible in a different IP space from the caption synthesis application (VM) (for example, on another cloud service), VPN / tunnel connection or NAT on the network side You need to configure the connection.

  It is not practical to add these configurations and setting change functions to all existing applications and make them compatible. That is, in the conventional technology, in a processing system configured by connecting a plurality of hosts, connection control between the hosts cannot be performed dynamically without changing the host settings.

  The present invention has been made in view of the above points. In a processing system configured by connecting a plurality of hosts, it is possible to dynamically control connection between hosts without changing host settings. The purpose is to provide technology.

According to an embodiment of the present invention, an SDN control device, a first SDN switch that communicates with a first host, and a second SDN switch that communicates with a second host are provided .
The SDN control device designates a packet address translation rule for each of the first SDN switch and the second SDN switch,
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and rewrites the packet with the rewritten address. To the second SDN switch,
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host.
In packet communication systems,
The SDN controller is
A candidate route table storing information on candidate routes available between the first SDN switch and the second SDN switch together with a key using a name of a local network to which a host is connected as a name space; Based on a key corresponding to one host and the second host, a candidate route is obtained from the candidate route table, and a route used for communication between the first host and the second host is selected from the candidate route. A packet communication system is provided.
Further, according to the embodiment of the present invention, the SDN control device, the first SDN switch for communicating with the first host, and the second SDN switch for communicating with the second host are provided.
The SDN control device designates a packet address translation rule for each of the first SDN switch and the second SDN switch,
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and rewrites the packet with the rewritten address. To the second SDN switch,
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host.
In packet communication systems,
The SDN controller is
A key having a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a name of a local network to which a host is connected The port allocation table stored together with the port allocation table is searched based on the key corresponding to the communication between the first host and the second host, and an unused port number in the port allocation table is searched. Is determined as a combination of port numbers used for communication between the first host and the second host.
A packet communication system is provided.

Further, according to the embodiment of the present invention, the SDN controller, a first 1SDN switch for communicating with the first host, runs in a packet communication system and a second 2SDN switch for communicating with a second host,
The SDN control device designating a packet address translation rule for each of the first SDN switch and the second SDN switch;
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule designated by the SDN control device, and rewrites the packet with the rewritten address. Sending to the second SDN switch;
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet in accordance with an address conversion rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host. A packet communication method comprising:
The SDN controller is
A candidate route table storing information on candidate routes available between the first SDN switch and the second SDN switch together with a key using a name of a local network to which a host is connected as a name space; Based on a key corresponding to one host and the second host, a candidate route is obtained from the candidate route table, and a route used for communication between the first host and the second host is selected from the candidate route. A packet communication method is provided.
According to an embodiment of the present invention, the packet communication system includes an SDN control device, a first SDN switch that communicates with the first host, and a second SDN switch that communicates with the second host.
The SDN control device designating a packet address translation rule for each of the first SDN switch and the second SDN switch;
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule designated by the SDN control device, and rewrites the packet with the rewritten address. Sending to the second SDN switch;
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet in accordance with an address conversion rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host. Step and
In a packet communication method comprising:
The SDN controller is
A key having a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a name of a local network to which a host is connected The port allocation table stored together with the port allocation table is searched based on the key corresponding to the communication between the first host and the second host, and an unused port number in the port allocation table is searched. Is determined as a combination of port numbers used for communication between the first host and the second host.
A packet communication method is provided.

  According to the embodiment of the present invention, there is provided a technique capable of dynamically controlling connection between hosts without changing host settings in a processing system configured by connecting a plurality of hosts. .

It is a figure for demonstrating a subject. It is a figure which shows the structural example of the system in embodiment of this invention. It is a figure for demonstrating the operation | movement in 1st Embodiment. It is a sequence diagram for demonstrating the operation | movement in 1st Embodiment. It is a figure for demonstrating the condition of a flow table. It is a figure for demonstrating the address conversion at the time of establishing and changing the connection between hosts, and a port number corresponding | compatible management method. It is a figure for demonstrating the address conversion at the time of establishing and changing the connection between hosts, and a port number correspondence management method. It is a figure for demonstrating the operation | movement in 2nd Embodiment. It is a sequence diagram for demonstrating the operation | movement in 2nd Embodiment. It is a figure which shows the change of a flow table. It is a figure which shows the change of a flow table. It is a figure which shows the structural example of each apparatus of the system in this Embodiment.

  Hereinafter, an embodiment (this embodiment) of the present invention will be described with reference to the drawings. The embodiment described below is only an example, and the embodiment to which the present invention is applied is not limited to the following embodiment.

(System configuration example)
FIG. 2 shows a configuration example of a system (may be called a packet communication system) in the present embodiment (common to the first embodiment and the second embodiment). The system according to the present embodiment assumes a system in which single-function applications such as those illustrated in FIG. 1 are connected in a permutation on the IP network and the entire process is executed. However, the application target of the present invention is not limited to such a system, and can be applied to various systems.

  In the system shown in FIG. 2, one SDN (Software Defined Networking) switch is arranged for each application local network (having a private IP address), and each SDN switch can directly communicate via a global IP network. It has a configuration. The “application” here is an apparatus (a physical computer or a virtual machine) on which an application program operates. Hereinafter, the application is referred to as “host”. In FIG. 2, the application on the data transmission side is indicated as “client host”, and the application on the data reception side is indicated as “server host”.

  As described above, the configuration shown in FIG. 2 is a configuration in which local networks having private IP addresses are interconnected in a global IP space via one SDN switch. In a normal network configuration, the local network is connected via an L3 switch that is a GW. Therefore, the system according to the present embodiment is realized by simply replacing the L3 switch with an SDN switch.

  The SDN switch according to the present embodiment includes a flow table having a match field and an action field, and compares the information of the input packet with the information described in the match field. (For example, rewrite the header and output from a predetermined port). The SDN switch itself is an existing technology. Hereinafter, the configuration of the present system will be described more specifically.

  As shown in FIG. 2, the system according to the present embodiment has three local networks, and has private IP addresses 192.168.0.0/24, 192.168.10.0/24, and 192.168.0.0/24, respectively. ing. Further, each local network is connected to a network having a global address through an SDN switch SDN1, an SDN switch SDN2, and an SDN switch SDN3. Hereinafter, the SDN switch SDN1, the SDN switch SDN2, and the SDN switch SDN3 are described as SDN1, SDN2, and SDN3, respectively.

  SDN1 has 192.168.0.1 as a local address and 10.0.1.1 and 20.0.1.1 as global addresses. Similarly, SDN2 and SDN3 have private addresses 192.168.10.1 and 192.168.0.1, global addresses SDN2 has 10.0.2.1, and SDN3 has 10.0.3.1 and 20.0.3.1, respectively. . The global address is connected to interconnectable networks 300 and 400.

  In this embodiment, the names of local networks having SDN1, SDN2, and SDN3 are referred to as “SDN1,” “SDN2,” and “SDN3”, respectively, and are used as namespaces in “NAPT port management by name space” described later. .

  As shown in FIG. 2, each local network has a plurality of hosts, assigned private IP addresses, and connected to the network. For example, 192.168.0.10 is assigned to the client host 10 and 192.168.0.11 is assigned to the server host 20.

  Each SDN switch is externally connected to the SDN control device 200 via a dedicated control connection line, and receives a command from the SDN control device 200 and performs packet switching processing. In the present embodiment, the SDN control device 200 is a device having an SDN controller and an SDN manager.

  Further, the SDN control device 200 has a port allocation management database 100, and manages a state corresponding to address translation. The port allocation management database 100 may be an internal function of the SDN control device 200 or may be provided outside the SDN control device 200. In any case, the SDN control device 200 can refer to each table of the port assignment management database 100.

  An example of packet transfer operation in the system shown in FIG. 2 will be described. As an example, consider a case where a packet is transferred from a client host 10 belonging to SDN1 and having an IP address 192.168.0.10 to a server host 20 belonging to SDN3 and having an IP address 192.168.0.11. At this time, the client host 10 transfers the target packet to SDN1. In SDN1, it identifies that it is a transfer packet to SDN3 from a transmission source IP address and a destination TCP / UDP port number, and transfers to SDN3. In SDN3, the packet is transferred from the transmission source SDN switch and the TCP / UDP port to the host having the IP address 192.168.0.11 belonging to SDN3, and the packet is transferred. Details of packet identification and address translation will be described later.

  As described above, connection between hosts belonging to different local networks is realized by the system according to the present embodiment.

(First embodiment)
Hereinafter, the first embodiment will be described. In the first embodiment, a description will be given of an address conversion and a port number correspondence management method for establishing and changing a connection between hosts arranged in different IP spaces without changing the setting of the host (application, VM).

<Example of processing sequence>
FIG. 3 is a diagram showing the address conversion in an easily understandable manner with respect to the operation according to the first embodiment, and FIG. 4 is a sequence diagram showing the operation according to the first embodiment. Hereinafter, description will be given along the sequence diagram of FIG. In the description, FIG. 3 will be referred to as appropriate.

  In the first embodiment, as described above, from the client host 10 belonging to SDN1 and having the IP address 192.168.0.10 (denoted as host SDN1 :: 192.168.0.10) to SDN3 :: 192.168. Consider the case of connecting to a server process that listens on port TCP / 80 on 0.11 (server host 20).

  First, the system operator inputs an instruction to connect SDN1 :: 192.168.0.10 to SDN3 :: 192.168.0.11: 80 to the SDN control device 200. As a result, the SDN control device 200 notifies SDN1 and SDN3 that the packet of the destination port 8080 is connected to 10.0.3.1::192.168.0.11:80 (SDN3 :: 192.168.0.11) (step S101, S102). Thereby, SDN1 starts monitoring the packet of the destination port 8080 addressed to itself (step S103).

  Subsequently, the client host 10 is notified from the system that the tcp / 8080 port is the connection destination (step S104). The client host 10 sets the destination IP address 192.168.0.1, the destination port number to tcp / 8080, and the source address to its own IP address 192.168.0.10, toward the SDN1 that belongs to the client host 10 The packet is transmitted with the port number set to an integer value determined at random, for example, 1234 (step S105). Hereinafter, this packet is described as dst = 192.168.0.1: 8080 and src = 192.168.0.10: 1234.

  FIG. 3 shows that the packet is transmitted from the client host 10. The meaning of the packet description in FIG. 3 is as described in the example on the right side of FIG.

  SDN1 refers to its own flow table using the packet information of dst = 192.168.0.1: 8080, src = 192.168.0.10: 1234 as a key, and checks whether the corresponding flow entry has already been registered. That is, the presence or absence of a match is checked (step S106 in FIG. 4). Since the corresponding flow entry is not registered in the initial state, the SDN 1 transfers the arrived packet to the SDN control device 200 (SDN controller) (step S107). Such packet transfer is called PacketIn.

  When PacketIn occurs, the SDN controller 200 (SDN manager) assigns 10.0.1.1:6636 on SDN1 and 10.0.3.1:7749 on SDN3 as the intermediate route used between SDN switches and its corresponding tcp port, and the server 2345 is assigned as the corresponding transmission source port number in the local network on the side (step S108). Thereafter, the information is notified to SDN1 and SDN3, and the address translation flow entry is registered (steps S109 to S112). That is, a signal designating a packet address translation rule (address rewrite rule) is transmitted to SDN1 and SDN3. This signal includes, for example, contents corresponding to each SDN in the flow table shown in FIG.

  After that, SDN1 converts the address every time the packet arrives and rewrites the header part to dst = 10.0.3.1: 7749 and src = 10.0.1.1: 6636 without changing the packet payload information (in SDN1 in FIG. Rewriting), the packet is transferred to SDN3 (steps S113, S114, S116, and S117 in FIG. 4).

  In SDN3, address conversion is performed using the packet information of dst = 10.0.3.1: 7749 and src = 10.0.1.1: 6636 as keys, and dst = 192.168.0.11: 80, src = 192.168.0.1: 2345 (SDN3 in FIG. 3) The packet is transferred to the server host 20 (steps S115 and S118 in FIG. 4).

  Thus, packet transfer from the client host 10 to the server host 20 is completed. Conversely, packet transfer from the server host 20 to the client host 10 is realized by performing the above reverse address translation. Using the above example, first, SDN3 :: 192.168.0.11 which is the server host 20 transmits a packet as dst = 192.168.0.1: 2345 and src = 192.168.0.11: 80. In SDN3, the packet is transferred as dst = 10.0.1.1: 6636 and src = 10.0.3.1: 7749 by address conversion. In SDN1, the packet is transferred to the client host 10 of SDN1: 192.168.0.10 as dst = 192.168.0.10: 1234 and src = 192.168.0.1: 8080 by address conversion.

  As described above, packet transfer in the reverse direction is also realized, and the present invention can be used in bidirectional communication such as tcp communication.

<Example of flow table>
Flow entries registered on SDN1 and SDN3 at the time indicated by the broken line in the sequence diagram of FIG. 4 will be described with reference to FIG.

  As shown in FIG. 5A, the flow table in SDN1 to which the client host 10 belongs corresponds to src = 192.168.0.10: 1234 and dst = 192.168.0.1: 8080 among the packets arriving from the connection port p2 of the local network. When a packet arrives (match field), after performing address translation of dst = 10.0.3.1: 7749, src = 10.0.1.1: 6636 as address translation / forwarding processing (action field), connection port in global address space The flow entry to be transferred to p1 is registered.

  Also, as a flow rule for packets in the reverse direction, among packets arriving at connection port p1 in the global address space, for packets corresponding to dst = 10.0.1.1: 6636, src = 10.0.3.1: 7749, dst = The address entry of 192.168.0.10:1234, src = 192.168.0.1: 8080 is implemented, and the flow entry to be transferred to the local network connection port p2 is registered.

  As shown in FIG. 5B, the same flow entry is registered for the SDN 3 to which the server host 20 belongs.

  In this embodiment, it is possible to change the connection between the hosts without changing the client host and the server host only by rewriting the flow entry on the SDN switch. For example, in the flow entry described above, only the IP address 192.168.0.11 of the server host 20 of SDN3 is set to 192.168.0.22, and the client host SDN1 :: 192.168.0.10 is changed to another server host SDN3 :: 192.168. It is possible to change to a connection to .0.22.

<About address conversion and port number management method>
In this embodiment, in correspondence with tcp / udp port-based address translation, the IP address of the local network and the connection target host is used as a name space, so that interference detection of the associated port and search for unused port numbers can be performed. High speed is realized. Hereinafter, with reference to FIGS. 6A and 6B, NAPT port management by name space in the present embodiment will be described.

  The SDN control device 200 (SDN manager) holds client_key and server_key as main variables. As illustrated in the upper side of FIG. 6A, client_key and server_key are variables given in the following format with the name of the local network as the region ID.

client_key = Region ID :: Client IP: Client source port / Client destination port
server_key = region ID :: server IP: server listen port For example, in the example shown in FIG. 3, client_key and server_key are as follows.

client_key = SDN1 :: 192.168.0.10: 1234/8080
server_key = SDN3 :: 192.168.0.11: 80
The SDN control device 200 (SDN manager) manages the address translation state using the port assignment management database 100 together with these variables. As shown as “definition table by key-value store and its data structure” in FIG. 6A, the port assignment management database 100 includes the following four types of tables.

(1) Inter-SDN route candidate table inter_sdn_route
(2) Inter-SDN route table inter_sdn_path
(3) Inter-SDN port allocation table inter_sdn_port
(4) Server-side SDN switch source port number table server_sdn_local_port
In the inter-SDN route candidate table (inter_sdn_route), an available route and a global IP address corresponding to it are managed between the SDN switches connecting the local networks. Such information is registered by the system administrator. In this table, a combination of region IDs to be connected can be used as a key to obtain a value. For example, in the example of FIG. 2, as global IP address candidates corresponding to the connection routes of SDN1 and SDN3, two routes of SDN1 = 10.0.1.1, SDN3 = 10.0.3.1 and SDN1 = 20.0.1.1, SDN3 = 20.0.3.1 If there is, the key and value of the inter-SDN candidate table are expressed as follows.

key = (SDN1, SDN3)
value = [["10.0.1.1", "10.0.3.1"], ["20.0.1.1", "20.0.3.1"]]
In the inter-SDN route table (inter_sdn_path), a global IP address on the SDN switch corresponding to an intermediate route used when connecting hosts is held. In this table, values can be obtained using the client_key and server_key to be connected as keys. For example, in the example of FIG.
key = (SDN1 :: 192.168.0.10: 1234/8080, SDN3 :: 192.168.0.11: 80)
value = [10.0.1.1, 10.0.3.1]
It becomes.

The inter-SDN port assignment table (inter_sdn_port) holds the corresponding tcp / udp port number on the SDN switch used when connecting hosts. In this table, a combination of inter_sdn_path, client_key, and server_key is used as a key, and the port number to be used is held as a value. For example, in the example of FIG.
key = (10.0.1.1, 10.0.3.1) :( SDN1 :: 192.168.0.10: 1234/8080, SDN3 :: 192.168.0.11: 80)
value = [6636, 7749]
It becomes.

The server side SDN switch transmission source port number table (server_sdn_local_port) holds the tcp / udp port numbers used by the SDN switch in the local network to which the server host belongs. In this table, server_key is used as a key, and the corresponding port number is held as a value. For example, in the example of FIG.
key = SDN3 :: 192.168.0.11: 80
value = 2345
It becomes.

<Procedure for determining inter-base route and port number>
Next, referring to FIG. 6B for an example of a procedure executed by the SDN control device 200 (SDN manager) when assigning a route / port number (example: step S108 in FIG. 4) on the premise of the above table configuration. To explain.

  First, client_key (example: SDN1 :: 192.168.0.10) and server_key (example: SDN3 :: 192.168.0.11) are set as connection host settings (step S11).

  Next, a list of routes between bases is acquired (step S12). Here, a candidate for a route (a set of IP addresses facing outward from the SDN switch) between two bases is searched from the inter-SDN route candidate table (inter_sdn_route) from client_key and server_key.

  Then, the route between bases is determined (step S13). Here, of the route candidates between the two bases searched, the used route is selected according to a predetermined system path selection criterion (for example, the route with the maximum available bandwidth), and (client_key, server_key) is set as the key. Register in the inter-SDN route table inter_sdn_path.

  Next, the corresponding port number is assigned between the SDN switches (step S14). Here, the inter-SDN port allocation table (inter_sdn_port) is searched using (inter_sdn_path, client_key, server_key) as a key, and combinations of unused port numbers are randomly allocated in the table. At this time, no interference occurs even if a combination of port numbers used in another key (inter_sdn_path) of the table is used. Add and register the assigned port number to the same key in the same table.

  Next, the transmission / reception port number in the base of the server side SDN switch is assigned (step S15). Here, the server-side SDN switch transmission source port number table (server_sdn_local_port) is searched using server_key as a key, and unused port numbers are randomly assigned in the table. At this time, no interference occurs even if a port number used in another key of the table is used. Add and register the assigned port number to the same key in the same table.

  Here, “unused port number combinations in the table are randomly assigned as described above. At this time, even if the port number combinations used in other keys of the table are used, no interference occurs. ”Will be described in detail using an example described in“ 3. Inter-SDN port allocation table (inter_sdn_port) ”in FIG. 6A.

  In this example, for the key "(10.0.1.1, 10.0.3.1)", enter the entry ("(SDN1 :: 192.168.0.10: 1234/8080, SDN3 :: 192.168.0.11: 80)") On the other hand, the port number "[6636, 7749]" is assigned.

  Here, an entry (for example, “(SDN1 :: 192.168.0.10: 5678/8080, SDN2 :: 192.168.10.11: 80)”) with the key “(10.0.1.1, 10.0.2.1)” is added. If the same port number "[6636, 7749]" is assigned, the above two types of flows can be identified (from the source / destination IP address) by each SDN switch, so that it works without problems. . That is, even if a combination of port numbers used in another key is used, no interference occurs.

The “inter-SDN port allocation table (inter_sdn_port)” in the above case is as follows.
[
"(10.0.1.1, 10.0.3.1)": {(SDN1 :: 192.168.0.10: 1234/8080, SDN3 :: 192.168.0.11: 80): [6639,7749]},
"(10.0.1.1, 10.0.2.1)": {(SDN1 :: 192.168.0.10: 5678/8080, SDN2 :: 192.168.10.11: 80): [6639,7749]}
]
Conversely, the same key, that is, the same as another entry in "(10.0.1.1, 10.0.3.1)" (for example, "(SDN1 :: 192.168.0.20: 1234/8080, SDN3 :: 192.168.0.21: 80)") If the port number is assigned, these flows cannot be identified by the SDN switch, and the operation will not be performed. That is, the “inter-SDN port allocation table (inter_sdn_port)” is not allowed to be in the following state.
[
"(10.0.1.1, 10.0.3.1)": {(SDN1 :: 192.168.0.10: 1234/8080, SDN3 :: 192.168.0.11: 80): [6639,7749],
(SDN1 :: 192.168.0.20: 1234/8080, SDN3 :: 192.168.0.21: 80): [6639,7749]}
]
As described above, in the present embodiment, the tcp / upd port number used in the intermediate route is managed and separated by the key combining the client host, the server host, and the intermediate route. It is possible to assign the same port number to the key and increase the number of connectables. (2) Similarly, it is possible to limit the interference of address translation due to the use of the same port to only the table in the same key. There is an advantage that the port can be searched at high speed.

(Second Embodiment)
Next, a method for avoiding packet loss at the time of switching without changing the host (application) setting and changing the NW path between the SDN switches will be described as a second embodiment.

<Example of processing sequence>
FIG. 7 is a diagram showing the address conversion operation immediately after path switching in an easy-to-understand manner with respect to the operation according to the second embodiment, and FIG. 8 is a sequence diagram showing the operation according to the second embodiment. . Hereinafter, description will be given along the sequence diagram of FIG. In the description, FIG. 7 will be referred to as appropriate. FIGS. 9 and 10 show changes in the flow table, and FIGS. 9 and 10 are also referred to as appropriate in the description of the sequence. In FIG. 9, the flow table A shows before route switching, which is the same as FIG.

  The network configuration in the present embodiment is the same as that shown in FIG. 2. In the initial state, the client host 10 of SDN1 :: 192.168.0.10 is connected to the server host 20 of SDN3 :: 192.168.0.11: 80 with an intermediate path ( 10.0.1.1, 10.0.3.1).

  Here, the system operator assigns the use of (20.0.1.1, 20.0.3.1) as a new intermediate route to this system. Thereafter, the SDN control device 200 (SDN manager) allocates a corresponding port to be used for a new route (20.0.1.1, 20.0.3.1) in the procedure shown in FIG. 6B (step S201 in FIG. 8). Here, the corresponding port numbers are assigned between the SDN switches by the procedure of step S14 shown in FIG. 6B.

  For example, it is assumed here that number 5001 on SDN1 and number 6001 on SDN3 are assigned. Thereafter, in the SDN control device 200, the SDN manager adds an address translation flow entry to the packets from the global IP network to the local network (from outside to inside) for SDN1 and SDN3 via the SDN controller ( Steps S202 to S205).

  Specifically, as shown at the bottom of the three stages of the flow table B of FIG. 9, dst = 20.0.1.1: 5001, src = 20.0.3.1: 6001 arrives at the connection port p3 with respect to SDN1. After performing address translation of dst = 192.168.0.10: 1234, src = 192.168.0.1: 8080 on the packet of, a flow entry for transferring the packet to the connection port p2 is added.

  Similarly, for SDN3, for the packet with dst = 20.0.3.1: 6001 and src = 20.0.1.1: 5001 arriving at connection port p3, dst = 192.168.0.11: 80, src = 192.168.0.1: 2345 After performing the address translation, a flow entry for transferring the packet to the connection port p2 is added.

  Subsequently, in the SDN control device 200, the SDN manager replaces a flow entry for address translation for packets from the local network to the global IP network (from inside to outside) for SDN1 and SDN3 via the SDN controller. (Steps S206 to S209 in FIG. 8).

  Specifically, as shown in the top of the three stages of the flow table C in FIG. 10, dst = 192.168.0.1: 8080, src = 192.168.0.10: 1234 arrives at the connection port p2 with respect to SDN1. Rewrite the action for the packet as follows.

  After address conversion processing to old action: dst = 10.0.3.1: 7749, src = 10.0.1.1: 6636, the packet is transferred to the connection port p1.

  After address conversion processing to new action: dst = 20.0.3.1: 6001, src = 20.0.1.1: 5001, the packet is transferred to the connection port p3.

  Similarly, the action for the packet of dst = 192.168.0.1: 2345 and src = 192.168.0.11: 80 arriving at the connection port p2 is rewritten as follows for SDN3.

  After address conversion processing to old action: dst = 10.0.1.1: 6636 and src = 10.0.3.1: 7749, the packet is transferred to the connection port p1.

  After address conversion processing to new action: dst = 20.0.1.1: 5001 and src = 20.0.3.1: 6001, the packet is transferred to connection port p3.

  The instruction transmitted from the SDN control device 200 to SDN1 and SDN3 is an instruction including the above-described rewriting content.

  Subsequently, the SDN control device 200 (SDN manager) waits for completion of transfer of a packet on the path before the path change at this time, so that the round-trip propagation delay time (RTT) between SDN1 and SDN3 before the path change. Wait (step S210 in FIG. 8). Thereafter, the SDN manager of the SDN control device 200 deletes the address translation flow entry used in the old path via the SDN controller (steps S211 to S214, flow table D in FIG. 10).

  This completes the path switching between the SDN switches. This switching is completed only by operating the flow entry on the SDN switch. As a result, the route between SDN switches can be changed without changing the host (application) settings and avoiding packet loss during switching. Realized.

(Device configuration)
FIG. 11 illustrates a configuration example of each apparatus that performs the processing operations described so far. Since each SDN switch has the same configuration, the SDN switch 500 is shown as a representative in FIG. In the example of FIG. 11, it is assumed that the port allocation management database 100 and the SDN control device 200 are separate devices, but the SDN control device 200 may include the port allocation management database 100.

  As shown in FIG. 11, the port assignment management database 100 includes an inter-SDN route candidate table holding unit 101, an inter-SDN route table holding unit 102, an inter-SDN port assignment table 103, and a server-side SDN switch transmission source port number table holding unit 104. Have The inter-SDN route candidate table holding unit 101 holds inter_sdn_route. The inter-SDN path table holding unit 102 holds inter_sdn_path. The inter-SDN port allocation table 103 holds inter_sdn_port. The server-side SDN switch transmission source port number table holding unit 104 holds server_sdn_local_port.

  The SDN control device 200 includes an SDN manager unit 201 described so far as an SDN manager and an SDN controller unit 202 described as an SDN controller. As described above, the SDN manager unit 201 refers to each table of the port assignment management database 100 to perform address conversion, port assignment, and the like. The SDN controller unit 202 transmits various instructions (flow table change contents, etc.) to the SDN switch.

  The SDN switch 500 includes a flow entry editing unit 501, a flow table holding unit 502, a packet receiving unit 503, a packet match processing unit 504, an address conversion unit 505, and a packet transmission unit 506.

  The flow entry editing unit 501 edits (adds, replaces, deletes, modifies, etc.) the flow table stored in the flow table holding unit 502 based on an instruction from the SDN controller unit 202. When the packet receiving unit 502 receives a packet, the packet matching processing unit 504 compares the packet information (eg, reception port, destination / source address) with the flow table, and if there is a matching entry, the address The conversion unit 505 performs address conversion according to the content of the action of the entry, and transmits a packet from the packet transmission unit 506 corresponding to the designated port.

  FIG. 11 shows the host 10 as an example of the host. The switch 600 switches packets between the host 10 and the SDN switch 500.

  The SDN control device 200 in the present embodiment can be realized, for example, by causing one or a plurality of computers to execute a program describing the processing contents described in the present embodiment. That is, the functions of the SDN control device 200 are realized by executing a program corresponding to processing executed by the SDN control device 200 using hardware resources such as a CPU and a memory built in the computer. Is possible. The above-mentioned program can be recorded on a computer-readable recording medium (portable memory or the like), stored, or distributed. It is also possible to provide the program through a network such as the Internet or electronic mail. Note that the above program may not include a function related to each database.

  The SDN switch 500 can also be realized by causing one or a plurality of computers to execute a program describing the processing contents described in the present embodiment.

  Further, both of the SDN control device 200 and the SDN switch 500 can be realized by using a hardware circuit (integrated circuit) incorporating processing.

(Effects of embodiment, etc.)
As described above, according to the present embodiment, a system in which one SDN switch is arranged in a local network to which a host belongs and each SDN switch can directly communicate via an IP network is realized. In addition, it is possible to establish / change connections between hosts arranged in different IP spaces without changing the host settings. Also, without changing the application settings, it is possible to avoid packet loss at the time of switching and change the NW path on the way.

  That is, in this embodiment, by using an SDN switch, application resources and network resources are separated and managed, so that connection changes between hosts, load distribution additional allocation, intermediate It is possible to change the network path route.

(Summary of embodiment)
According to the present embodiment, there is provided a packet communication system comprising an SDN control device, a first SDN switch that communicates with a first host, and a second SDN switch that communicates with a second host, wherein the SDN control device is A packet address translation rule is designated for each of the first SDN switch and the second SDN switch, the first SDN switch receives a packet addressed to the first SDN switch from the first host, and the SDN control device The address of the packet is rewritten in accordance with the address conversion rule specified by, the packet with the rewritten address is transmitted to the second SDN switch, the second SDN switch receives the packet from the first SDN switch, and the SDN control Rewrite the address of the packet according to the address conversion rule specified by the device, and rewrite the address. Packet communication system is provided for transmitting the resulting packets to the second host.

  The SDN control device stores information on candidate routes that can be used between the first SDN switch and the second SDN switch together with a key that uses the name of the local network to which the host is connected as a name space. And obtaining a candidate route from the candidate route table based on the keys corresponding to the first host and the second host, and communication between the first host and the second host from the candidate route. Select the route to use.

  The SDN control device includes a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a local network to which a host is connected. The port allocation table stored together with the key having the name of the first port is referred to, the port allocation table is searched based on the key corresponding to the communication between the first host and the second host, and the port allocation table A combination of unused port numbers is determined as a combination of port numbers used for communication between the first host and the second host.

  In the communication between the first host and the second host, when the path between the first SDN switch and the second SDN switch is changed to a new path, the SDN controller is configured to use the port allocation table. Is searched, a combination of port numbers corresponding to the new route is determined, and an address translation rule including the combination is designated for each of the first SDN switch and the second SDN switch.

  According to the present embodiment, the SDN control used in a packet communication system comprising an SDN control device, a first SDN switch that communicates with the first host, and a second SDN switch that communicates with the second host. A first SDN switch, comprising: means for designating a packet address translation rule for each of the first SDN switch and the second SDN switch, wherein the first SDN switch receives a packet addressed to the first SDN switch from the first host; In accordance with the address conversion rule specified by the SDN control device, rewrites the address of the packet, operates to transmit the packet with the rewritten address to the second SDN switch, and receives the packet from the first SDN switch. The second SDN switch is set according to the address translation rule specified by the SDN control device. Rewrites the address of the packet, SDN controller operates to transmit the address is rewritten packet to the second host is provided.

  The SDN control device includes a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a local network to which a host is connected. The port allocation table is searched based on means for referring to the port allocation table stored together with the key having the name of the key and the key corresponding to the communication between the first host and the second host, and the port allocation Means for determining a combination of unused port numbers in the table as a combination of port numbers used for communication between the first host and the second host.

  According to the present embodiment, it is possible to dynamically establish and change connections between hosts arranged in different local networks without changing host settings.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to such specific embodiment, In the range of the summary of this invention described in the claim, various deformation | transformation・ Change is possible.

10 Client Host 20 Server Host 100 Port Assignment Management Database Unit 101 Inter-SDN Route Candidate Table Holding Unit 102 Inter-SDN Route Table Holding Unit 103 Inter-SDN Port Assignment Table 104 Server-side SDN Switch Source Port Number Table Holding Unit 200 SDN Controller 201 SDN manager unit 202 SDN controller unit 300, 400 Network 500 SDN switch 501 Flow entry editing unit 502 Flow table holding unit 503 Packet reception unit 504 Packet match processing unit 505 Address conversion unit 506 Packet transmission unit 600 Switch

Claims (9)

An SDN controller, a first SDN switch for communicating with the first host, and a second SDN switch for communicating with the second host ,
The SDN control device designates a packet address translation rule for each of the first SDN switch and the second SDN switch,
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and rewrites the packet with the rewritten address. To the second SDN switch,
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host.
In packet communication systems,
The SDN controller is
A candidate route table storing information on candidate routes available between the first SDN switch and the second SDN switch together with a key using a name of a local network to which a host is connected as a name space; Based on a key corresponding to one host and the second host, a candidate route is obtained from the candidate route table, and a route used for communication between the first host and the second host is selected from the candidate route. packet communication system, characterized by. An SDN controller, a first SDN switch for communicating with the first host, and a second SDN switch for communicating with the second host ,
The SDN control device designates a packet address translation rule for each of the first SDN switch and the second SDN switch,
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and rewrites the packet with the rewritten address. To the second SDN switch,
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet according to an address translation rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host.
In packet communication systems,
The SDN controller is
A key having a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a name of a local network to which a host is connected The port allocation table stored together with the port allocation table is searched based on the key corresponding to the communication between the first host and the second host, and an unused port number in the port allocation table is searched. Is determined as a combination of port numbers used for communication between the first host and the second host . When changing the path between the first SDN switch and the second SDN switch in the communication between the first host and the second host to a new path,
The SDN control device determines a combination of port numbers corresponding to a new route by searching the port allocation table, and determines an address conversion rule including the combination of the first SDN switch and the second SDN switch. The packet communication system according to claim 2 , wherein the packet communication system is designated for each. And SDN controller, a first 1SDN switch for communicating with the first host, runs in a packet communication system and a second 2SDN switch for communicating with a second host,
The SDN control device designating a packet address translation rule for each of the first SDN switch and the second SDN switch;
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule designated by the SDN control device, and rewrites the packet with the rewritten address. Sending to the second SDN switch;
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet in accordance with an address conversion rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host. A packet communication method comprising:
The SDN controller is
A candidate route table storing information on candidate routes available between the first SDN switch and the second SDN switch together with a key using a name of a local network to which a host is connected as a name space; Based on a key corresponding to one host and the second host, a candidate route is obtained from the candidate route table, and a route used for communication between the first host and the second host is selected from the candidate route. packet communication method characterized by. And SDN controller, a first 1SDN switch for communicating with the first host, runs in a packet communication system and a second 2SDN switch for communicating with a second host,
The SDN control device designating a packet address translation rule for each of the first SDN switch and the second SDN switch;
The first SDN switch receives a packet addressed to the first SDN switch from the first host, rewrites the address of the packet according to an address translation rule designated by the SDN control device, and rewrites the packet with the rewritten address. Sending to the second SDN switch;
The second SDN switch receives a packet from the first SDN switch, rewrites the address of the packet in accordance with an address conversion rule specified by the SDN control device, and transmits the packet with the rewritten address to the second host. A packet communication method comprising:
The SDN controller is
A key having a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a name of a local network to which a host is connected The port allocation table stored together with the port allocation table is searched based on the key corresponding to the communication between the first host and the second host, and an unused port number in the port allocation table is searched. A combination of port numbers used for communication between the first host and the second host . And SDN controller, a first 1SDN switch for communicating with the first host, is used in a packet communication system comprising a first 2SDN switch for communicating with a second host,
Means for designating a packet address translation rule for each of the first SDN switch and the second SDN switch;
It said address translation rule for said first 1SDN switch is in said second 1SDN switch receives a packet of the first 1SDN switch destined from the first host, to rewrite the address of the person the packet, wherein the address is rewritten packet No. 2 to send to SDN switch,
It said address translation rule for said first 2SDN switch, to the first 2SDN switch receives a packet from the first 1SDN switch, which is rewritten addresses of those said packets, to transmit the address is rewritten packet to the second host Is
In the SDN control device,
A candidate route table storing information on candidate routes available between the first SDN switch and the second SDN switch together with a key using a name of a local network to which a host is connected as a name space; Based on a key corresponding to one host and the second host, a candidate route is obtained from the candidate route table, and a route used for communication between the first host and the second host is selected from the candidate route. An SDN control device characterized by that. And SDN controller, a first 1SDN switch for communicating with the first host, is used in a packet communication system comprising a first 2SDN switch for communicating with a second host,
Means for designating a packet address translation rule for each of the first SDN switch and the second SDN switch;
It said address translation rule for said first 1SDN switch is in said second 1SDN switch receives a packet of the first 1SDN switch destined from the first host, to rewrite the address of the person the packet, wherein the address is rewritten packet No. 2 to send to SDN switch,
It said address translation rule for said first 2SDN switch, to the first 2SDN switch receives a packet from the first 1SDN switch, which is rewritten addresses of those said packets, to transmit the address is rewritten packet to the second host Is
In the SDN control device,
A key having a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a name of a local network to which a host is connected The port allocation table stored together with the port allocation table is searched based on the key corresponding to the communication between the first host and the second host, and an unused port number in the port allocation table is searched. Is determined as a combination of port numbers used for communication between the first host and the second host . Computer
In the SDN control device used in a packet communication system comprising an SDN control device, a first SDN switch that communicates with a first host, and a second SDN switch that communicates with a second host, the first SDN switch and the first It functions as a means to specify packet address translation rules for each of the two SDN switches ,
The address translation rule for the first SDN switch causes the first SDN switch that has received a packet addressed to the first SDN switch from the first host to rewrite the address of the packet, and the packet with the rewritten address is the second SDN. To send to the switch,
The address translation rule for the second SDN switch causes the second SDN switch that has received a packet from the first SDN switch to rewrite the address of the packet and transmit the packet with the rewritten address to the second host. is there
In the program, the computer is
A candidate route table storing information on candidate routes available between the first SDN switch and the second SDN switch together with a key using a name of a local network to which a host is connected as a name space; Based on a key corresponding to one host and the second host, a candidate route is obtained from the candidate route table, and a route used for communication between the first host and the second host is selected from the candidate route. To function
A program characterized by that . Computer
In the SDN control device used in a packet communication system comprising an SDN control device, a first SDN switch that communicates with a first host, and a second SDN switch that communicates with a second host, the first SDN switch and the first It functions as a means to specify packet address translation rules for each of the two SDN switches ,
The address translation rule for the first SDN switch causes the first SDN switch that has received a packet addressed to the first SDN switch from the first host to rewrite the address of the packet, and the packet with the rewritten address is the second SDN. To send to the switch,
The address translation rule for the second SDN switch causes the second SDN switch that has received a packet from the first SDN switch to rewrite the address of the packet and transmit the packet with the rewritten address to the second host. is there
In the program, the computer is
A key having a combination of a port number of the first SDN switch and a port number of the second SDN switch, information on a path between the first SDN switch and the second SDN switch, and a name of a local network to which a host is connected The port allocation table stored together with the port allocation table is searched based on the key corresponding to the communication between the first host and the second host, and an unused port number in the port allocation table is searched. Is determined as a combination of port numbers used for communication between the first host and the second host.
A program characterized by that .

Images